NotCVE - vendor:"Manageengine" product:"Pam360"

3 results (0.001 seconds)

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-5546 – SQL Injection

https://notcve.org/view.php?id=CVE-2024-5546

28 Aug 2024 — Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. • https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2024-5546.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-27313 – XSS Vulnerability

https://notcve.org/view.php?id=CVE-2024-27313

29 May 2024 — Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. Zoho ManageEngine PAM360 es vulnerable a la vulnerabilidad XSS almacenado. Esta vulnerabilidad es aplicable sólo en la versión 6610. • https://www.manageengine.com/privileged-access-management/advisory/cve-2024-27313.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-27312 – Authorization vulnerability in PAM360

https://notcve.org/view.php?id=CVE-2024-27312

20 May 2024 — Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability. Zoho ManageEngine PAM360 versión 6601 es vulnerable a una vulnerabilidad de autorización que permite a un usuario con pocos privilegios realizar acciones administrativas. Nota: Esta vulnerabilidad afecta solo a la versión PAM360 6600. No hay otras v... • https://www.manageengine.com/privileged-access-management/advisory/cve-2024-27312.html • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •